Posts posted by bjm__

  1. 9 hours ago, JeremyNicoll said:

    That's not encouraging...   Hopefully someone from Emsi will come along and explain.

    It seems to me that there's three issues: first, whether or not with 'Paranoid' being set, files are being scanned as they are downloaded.   I'd certainly have hoped so; if not we need an "even more Paranoid" setting...

    Secondly (if files are being scanned on download): why is a scan-on-download not making the same detection as a custom scan later on?   Downloading files is surely the main way that most of us get potential malware, so a scan then should be as thorough/rigorous as possible.

    FWIW ~ KMSpico-setup file is Zip'd = KMSpico-setup.zip .... so Emsisoft may only scan setup.zip on the surface (if at all).  
    On demand setup.zip scan may/will scan n' detect different.   Note: KMSpico-setup.zip extract is password protected.   My on-demand scan KMSpico-setup.zip with my current resident security (not Emsisoft) reports No threats found.  

    My current resident security (not Emsisoft) did not report on the KMSpico-setup.zip download....however, did detect n' quarantine KMSpico-setup.exe as Threat name: PUA.Keygen.KMS & PUA.Keygen.KMS!g3
    Granted Threat names are not relevant.  

    File: KMSpico-setup.zip
    File size: 3.05 MB (3,194,701 bytes)
    MD5 checksum: B1212B7DB00725AFB7E3E64D6BBA7921
    SHA256 checksum: 9C5FA44E371B28A0A1A710B2438FBAB1D2F2F3120951E80A3603B69D3209339A

    Filename: KMSpico-setup.exe
    Threat name: PUA.Keygen.KMS
    Full Path: C:\Users\bjm\Desktop\KMSpico-setup\KMSpico-setup.exe
    File Thumbprint - SHA:64c731adbe1b96cb5765203b1e215093dcf268d020b299445884a4ae62ed2d3a
    File Thumbprint - MD5:a02164371a50c5ff9fa2870ef6e8cfa3

    Just my $.02   Zip'd samples need extra scrutiny.  

    Edit: about an hour later on a routine automatic quick scan.
    File: C:\Users\bjm\Desktop\ KMSpico-setup.zip Threat Removed

  2. 14 minutes ago, GT500 said:

    We don't have an official Black Friday sale (which is why it wasn't publicized via any of our normal marketing channels), however some of our affiliates did want to do a Black Friday sale, which is why some of them announced a sale. If you want to purchase a license key through one of our affiliates to take advantage of the sale, then feel free to do so. ;)

    Um, so since you cannot answer my questions.   Um, who may answer...?

    1) Does license period start when purchased or when first activated?
    2) Does Emsisoft license and/or Ashampoo license have an activate by (expire) date?
    3) Does renewal loyalty discount go against the then full retail price or against what I paid ...e.g., 50% off ?
    4) May I save this e.g., 50% off key to use (some time in the future) as renewal key?

    Um, how would I distinguish this https://shop.emsisoft.com/34/purl-BF2017 from an Official offering?
    Looks darn Official to me.  Just saying.

    Um, btw Cleverbridge told me to ask Emsisoft Support my questions.

  3. Hello again,
    I'll have to find email notification option (if there is one).

     

    Great, so....EEK fits my current need.

     

    Imagine EEK has a reason for detecting Group Policies.  
    Perhaps, malware re-write Policy. 
     

    These Group Policies do not exist by default, and if our scanner detects them....

     

    ....and if our scanner detects suggests detecting Group Policies is not norm...?

     

    Thank you,

    Regards

  4. Hello,

    Sorry for delay in responding.  I did not get email notice of your reply.

    Thank you.  I am familiar with relevant information about EEK at this link

    That's how I was introduced to EEK.

    I've read EAM may run as companion on-demand scanner in freeware mode. 

    Although, I have no insight into how/why EEK is very different than EAM, even when it is running in freeware mode.

     

    So, to my OP question >

    For second opinion on-demand scanner, whether EEK is okay or EAM (free) would be more appropriate.

    And how/why is EAM different from EEK when EAM is running in freeware mode. 

    I'm trying to introduce myself to Emsisoft.

     

    Since you prompt paste.  I'll paste.
    Emsisoft Emergency Kit - Version 10.0
    Last update: 10/25/2015 12:14:28 PM
    User account: BJM-PCW8\bjms

    Scan settings:

    Scan type: Custom Scan
    Objects: Rootkits, Memory, Traces, C:\, D:\

    Detect PUPs: On
    Scan archives: On
    ADS Scan: On
    File extension filter: Off
    Advanced caching: On
    Direct disk access: Off

    Scan start:    10/25/2015 12:32:22 PM
    C:\Users\bj\AppData\Roaming\Mozilla\Firefox\Profiles\x8gadp9d.default\Searchplugins\safesearch.xml     detected: Application.SearchPlug (A)
    C:\Users\bjms\AppData\Roaming\Mozilla\Firefox\Profiles\br0fgu8r.default\Searchplugins\safesearch.xml     detected: Application.SearchPlug (A)
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR     detected: Setting.DisableTaskMgr (A)
    Value: HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR     detected: Setting.DisableTaskMgr (A)
    Value: HKEY_USERS\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR     detected: Setting.DisableTaskMgr (A)
    Value: HKEY_USERS\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR     detected: Setting.DisableTaskMgr (A)
    Value: HKEY_USERS\S-1-5-21-2084490526-3157944608-823130631-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR     detected: Setting.DisableTaskMgr (A)
    Value: HKEY_USERS\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR     detected: Setting.DisableTaskMgr (A)
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLECMD     detected: Setting.DisableCMD (A)
    Value: HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLECMD     detected: Setting.DisableCMD (A)
    Value: HKEY_USERS\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLECMD     detected: Setting.DisableCMD (A)
    Value: HKEY_USERS\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLECMD     detected: Setting.DisableCMD (A)
    Value: HKEY_USERS\S-1-5-21-2084490526-3157944608-823130631-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLECMD     detected: Setting.DisableCMD (A)
    Value: HKEY_USERS\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLECMD     detected: Setting.DisableCMD (A)
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     detected: Setting.DisableRegistryTools (A)
    Value: HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     detected: Setting.DisableRegistryTools (A)
    Value: HKEY_USERS\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     detected: Setting.DisableRegistryTools (A)
    Value: HKEY_USERS\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     detected: Setting.DisableRegistryTools (A)
    Value: HKEY_USERS\S-1-5-21-2084490526-3157944608-823130631-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     detected: Setting.DisableRegistryTools (A)
    Value: HKEY_USERS\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     detected: Setting.DisableRegistryTools (A)
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN     detected: Setting.NoRun (A)
    Value: HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN     detected: Setting.NoRun (A)
    Value: HKEY_USERS\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN     detected: Setting.NoRun (A)
    Value: HKEY_USERS\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN     detected: Setting.NoRun (A)
    Value: HKEY_USERS\S-1-5-21-2084490526-3157944608-823130631-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN     detected: Setting.NoRun (A)
    Value: HKEY_USERS\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN     detected: Setting.NoRun (A)
    Key: HKEY_USERS\S-1-5-21-2084490526-3157944608-823130631-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}     detected: Application.Win32.WSearch (A)
    Key: HKEY_USERS\S-1-5-21-2084490526-3157944608-823130631-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}     detected: Application.Win32.WSearch (A)
    Value: HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS     detected: Setting.NoFolderOptions (A)
    Value: HKEY_USERS\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS     detected: Setting.NoFolderOptions (A)
    Value: HKEY_USERS\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS     detected: Setting.NoFolderOptions (A)
    Value: HKEY_USERS\S-1-5-21-2084490526-3157944608-823130631-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS     detected: Setting.NoFolderOptions (A)
    Value: HKEY_USERS\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS     detected: Setting.NoFolderOptions (A)
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS     detected: Setting.NoFolderOptions (A)

    Scanned    318410
    Found    34

    Scan end:    10/25/2015 1:09:34 PM
    Scan time:    0:37:12
     

  5. Hello EMSI Community,

    Newbie questions regarding EEK v10.0.0.5488

     

    EEK install / update / run / report appear to be okay.

     

    Curious as to why EEK Help File points to EAM/EIS.

     

    Is EEK essentially the same as EAM after 30 day Trial. 

    For second opinion on-demand scanner, whether EEK is okay or EAM (free) would be more appropriate.

     

    EEK scans find 34 detections with 4 No Risk and 30 without any Risk Level information.  30 appear to be reg keys.
    What may/does the absence of "Risk Level" info denote.

     

    May I attach scan report here or should I go to "Help, my PC is infected!

     

    Thanks...(sorry, don't find editor spell check)
